package com.alawn.security.config.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import com.alawn.framework.core.utils.IPUtils;
import com.alawn.framework.core.utils.MacUtils;
import com.alawn.security.config.token.SecurityToken;

public class SecurityFormAuthenticationFilter extends FormAuthenticationFilter {

	@Override
	protected AuthenticationToken createToken(String username, String password, ServletRequest request,
			ServletResponse response) {
		String captcha = request.getParameter("captcha");
		boolean rememberMe = isRememberMe(request);
		String ipAddr = IPUtils.getIpAddr((HttpServletRequest) request);
		String macAddr = MacUtils.getMacAddr(ipAddr);
		return new SecurityToken(username, password, rememberMe, ipAddr, macAddr, captcha);
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		if (request.getAttribute(getFailureKeyAttribute()) != null) {
			return true;
		}
		return super.onAccessDenied(request, response, mappedValue);
	}
}
